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(54) Packet forwarding apparatus with a flow detection table 

(57) A packet forwarding apparatus provided with a 
plurality of line interface units, comprises a routing 
processing unit for referring to a routing table, based on 
header information of received packet to specify one of 
output lines to output the received packet, a flow detec- 
tion unit for referring to an entry table, in which a plural- 
ity of entries with flow conditions and control information 
are registered, to retrieve control information defined by 
the entry with a flow condition which coincides with that 
of the header information of the received packet, and a 
packet forwarding unit for transferring the received 
packet to one of the line interface units connected to the 
output line specified by the routing processing unit. The 
entry table id divided into a plurality of subtables corre- 
sponding to the values of flow attributes associated with 
the received packets and the flow detection unit 
retrieves the control information from one of said subta- 
bles specified by the value of the flow attribute corre- 
sponding to the received packet. 
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Description 

BACKGROUND OF THE INVENTION 
Field of the Invention 

[0001 ] The present invention relates to a packet for- 
warding apparatus wherein a plurality of networks are 
connected to one another and packets are forwarded 
between the networks. 

Description of the Related Art 

[0002] Traffics (packets), which flow over an Inter- 
net, are increasing rapidly with an increase in Internet 
users. Since the same line can be shared between 
packets sent from a large number of users in a packet 
type communication system employed in the Internet, 
the cost per bandwidth can be less reduced. The non- 
execution of strict management of quality control or the 
like for each users also leads to the implementation of a 
cost reduction. 

[0003] Owing to the advantage of the low cost, 
which is held by the packet type communication system, 
moves have been made to integrate telephone net- 
works and enterprise networks which have heretofore 
been implemented by dedicated networks, into one by 
the Internet thereby to implement a reduction in commu- 
nication cost. It is necessary to implement quality of 
service (QoS) such as a low delay time, a low discard 
rate, etc. which have been carried out by the conven- 
tional telephone networks or enterprise networks, and 
security even over the Internet for the purpose of inte- 
grating these plural networks into one. 
[0004] As to QoS control for implementing QoS, for- 
warding or transfer control must be effected on respec- 
tive packets with priority corresponding to a contract 
while specific applications (such as telephone traffics, 
etc.) and individual users (enterprises, etc.) taken as 
objects to be controlled are being identified. The QoS 
control is generally used in an ATM (Asynchronous 
Transfer Mode) switch. The QoS control of the ATM 
switch is implemented by a bandwidth monitoring 
device for monitoring the presence or absence of a 
breach of a contracted bandwidth at the entrance of a 
network, and a priority control forwarding device for 
preferentially forwarding each packet made compliant 
with the contracted bandwidth with the contracted prior- 
ity. 

[0005] The priority control forwarding device 
employed in the ATM switch has been described in, for 
example, Japanese Patent Application Laid-Open No. 
Hei 6-197128 (prior art 1). In the prior art 1, two output 
buffers for C8R (Constant Bit Rate) and VBR (Variable 
Bit Rate) are provided every output lines, and the prior- 
ity for outputting each cell stored in the buffer for CBR is 
set higher than that for each cell stored in the buffer for 
VBR, whereby a communication delay time in the ATM 



switch is limited to within a constant value with respect 
to a cell group of CBR traffics having a strict restriction 
on a communication delay. 

[0006] Further, the bandwidth monitoring function 

5 employed in the ATM switch has been described in, for 
example, Chapter 4 of "The ATM Forum Traffic Manage- 
ment Specification Version 4.0" (prior art 2). In the prior 
art 2, bandwidth monitoring based on GCRA (Generic 
Cell Rate Algorithm) corresponding to an algorithm for 

10 bandwidth monitoring is effected at the entrance of each 
network, whereby resources for the network can be pre- 
vented from being occupied by a specific user. 
[0007] The ATM switch is a connecting device for 
connection type communications, wherein a user 

15 packet having a fixed length is communicated after a 
connection has been established between terminals. 
When the ATM switch receives a cell from an input line, 
it reads bandwidth monitoring information and QoS con- 
trol information such as priority information for cell 

20 transfer, etc. from a connection information table pro- 
vided in the ATM switch, based on connection informa- 
tion indicative of users and applications, included in a 
header of the input cell, thereby to perform bandwidth 
monitoring based on the bandwidth monitoring informa- 

25 tion and priority control of cell forwarding according to 
the priority information. 

[0008] On the other hand, a router device is a con- 
necting device for packet type (connection-less type) 
communications, in which a user packet is communi- 

30 cated without establishing a connection between termi- 
nals in advance. The router does not have the 
connection information table for storing the bandwidth 
monitoring information and the QoS control information 
as in the ATM switch. Therefore, the router device must 

35 be provided with a flow detector or detection device for 
detecting bandwidth monitoring information and priority 
information from header information set every input 
packets in order to perform priority transfer control and 
bandwidth monitoring. It is further necessary to control 

40 the bandwidth monitoring and the priority transfer, 
based on the bandwidth monitoring information and the 
priority information detected by the flow detector. 
[0009] In the specification of the present applica- 
tion, a packet identification condition defined by a com- 

45 bination of a plurality of items of parameter information 
included in a packet header will be called "flow condi- 
tion", a traffic comprised of a series of packets coinci- 
dent with the flow condition will be called "flowVand 
determination as to whether header information of each 

so received packet coincides with a predetermined flow 
condition, will be called "flow detection", respectively. 
[0010] The QoS control employed in the router 
device has been disclosed in, for example, Japanese 
Patent Application Laid-Open No. Hei 6-232904 (prior 

55 art 3). In order to execute the QoS control, a router dis- 
closed in the prior art 3 has a mapping table which holds 
priorities in association with all the combinations of pri- 
ority identification information and protocol (upper appli- 
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cation) information which will be included within the 
packet header so that the router executes priority for- 
warding control by determining the priority for each 
input packet from the mapping table. 
[0011] As another prior art related to the QoS con- 
trol employed in the router device, there is known Diff- 
serv (Differentiated Service) indicated by RFC2475 
(prior art 4) of IETF (Internet Engineering Task Force). 
[0012] According to the prior art 4, for example, 
when an edge router 326 or 327 called a boundary node 
located in the entrance of an Internet 325 in a network 
shown in Fig. 2 in which QoS is contracted between 
enterprise networks A, B, C and D and the Internet 325, 
receives a packet sent from an enterprise network 321 
or 324, it performs a flow detection through a flow detec- 
tor called classifier, with a source IP address and a des- 
tination IP address, a source port number and a 
destination port number, protocol, etc. in a TCP/IP 
header as flow conditions respectively. Each boundary 
node monitors a bandwidth for each flow detected by 
the classifier and writes the result of determination of 
DS indicative of each priority in the Internet 325 into a 
DS field (TOS field) of each received packet. A back- 
bone router (called an interior node in the prior art 4) 
corresponding to a core node of the Internet 325 per- 
forms QoS control on each packet, based on the value 
of each DS field referred to above. 
[0013] The flow detection is a technique necessary 
even for filtering to keep security. In a connection type 
communication network, for example, each terminal is 
controlled so that a connection is established only 
between the terminal and a pre-allowed communication 
opposite party, and a connection between the terminal 
and a non-allowed communication opposite party is pro- 
hibited from establishing, whereby the reception of cells 
from an unexpected terminal can be avoided. However, 
since there is a possibility that in a packet type commu- 
nication network which starts communication without 
establishing a connection, each individual terminals will 
receive packets from all the other terminals connected 
to networks, it is necessary to provide a filtering function 
for completely discarding packets sent from unexpected 
opposite parties. 

[0014] In order to perform filtering on each received 
packet, a router needs to effect a flow detection for iden- 
tifying each packet for filtering, on each input packet in a 
manner similar to the QoS control to thereby generate 
control information indicative of whether or not packet 
transfer is allowed and to selectively transfer or discard 
the input packets. 

[0015] The filtering employed in the router device 
has been described in, for example, Japanese Patent 
Application Laid-Open No. Hei 6-104900 (prior art 5). In 
the prior art 5, a LAN-to-LAN connecting device is pro- 
vided with a filtering table indicative of the correspond- 
ence between source addresses and destination 
addresses, and only such packets that are proceeding 
from the source address to the destination address reg- 



istered in the filtering table is set as an object to be 
transferred, whereby the filtering is implemented. 

SUMMARY OF THE INVENTION 

5 

[0016] When the number of flows to be detected by 
each router increases as Internet users increase, flow 
detection devices capable of setting a large number of 
flow conditions are necessary for the respective routers. 

w With an increase in traffic flowing over the Internet and 
the speeding up of a line rate, the shortening of a 
processing desired time interval per packet and high 
speed execution of QoS control (priority forwarding con- 
trol, bandwidth monitoring, etc.) and filtering under high 

15 volumes of flow condition entries are required for each 
router. It is also desirable that a manager for each router 
is able to easily set a variety of flow conditions to an 
entry table of each router. However, these problems 
remain unsolved in the prior arts 3, 4 and 5. 

20 [0017] A principal object of the present invention is 
to provide a packet forwarding apparatus capable of set- 
ting flow conditions comprised of a plurality of items 
including user identification information, protocol infor- 
mation, priority identification information, etc. in large 

25 quantity and performing a flow detection, QoS control 
and filtering at high speed. 

[0018] Another object of the present invention is to 
provide a packet forwarding apparatus capable of flexi- 
bly coping with the request of a router's manager and 

30 easily registering a variety of flow conditions. 

[0019] In a network wherein routers are connected 
to one another by an ATM network or frame relay net- 
work as shown in Fig. 46 by way of example, there is a 
possibility that a congestion incident to an excessive 

35 traffic will occur in a public ATM network 4301 and 
hence QoS cannot be maintained. Therefore, high- 
speed QoS control is necessary even for the ATM net- 
work and frame relay network which connect between 
the routers. However, the prior arts 3, 4 and 5 lack a 

40 useful technical disclosure related to a method of deter- 
mining connections such as VC/VP (Virtual Chan- 
nelA/irtual Path), DLCI, etc. for high-speed flow 
detection and QoS control necessary for these net- 
works. 

45 [0020] A further object of the present invention is to 
provide a router which rapidly determines VC/VP or 
DLCI and is effective for QoS control of an ATM network 
and a frame relay network. 

[0021] In order to achieve the above objects, there 
so is provided a packet forwarding apparatus according to 
the present invention, wherein an entry table referred to 
for detecting flows to which respective input packets 
belong, is divided into a plurality of subtables respec- 
tively corresponding to the values of flow attributes 
55 associated with the respective packets. 

[0022] Described more specifically, according to the 
present invention, the packet forwarding apparatus pro- 
vided with a plurality of line interface units each con- 



5 EP 0 993 153 A1 6 



nected to an input line and an output line, comprises: a 
routing processing unit for referring to a routing table, 
based on header information of packets received from 
the input lines by said line interface units to specify one 
of the output lines for each of said received packets to 
output the packet; a flow detection unit for retrieving, by 
referring to an entry table with a plurality of entries each 
including a flow condition and control information 
therein, control information defined by one of said 
entries with a flow condition coincide with that of the 
header information of said received packet; and a 
packet forwarding unit for transferring the received 
packet to one of said line interface units connected to 
the output line specified by the routing processing unit; 
and wherein said entry table comprises of a plurality of 
subtables respectively corresponding to the values of 
flow attributes associated with the received packets, 
and the flow detection unit retrieves the control informa- 
tion for each of said received packets from the subtable 
specified by the value of the flow attribute associated 
with the received packet, and the packet forwarding unit 
controls the transfer of each of said received packets to 
one of said line interface units in accordance with the 
control information notified from the flow detection unit. 
[0023] According to a preferred embodiment of the 
present invention, the entry table comprises a first table 
for storing the plurality of entries therein and a list table 
for storing therein pointer addresses for accessing the 
entries lying within the first table. The list table is divided 
into a plurality of sub-list tables corresponding to the val- 
ues of the flow attributes. The flow detection unit refers 
to one of said sub-list tables specified by the value of the 
flow attribute corresponding to each received packet 
and retrieves the entry with a flow condition coincident 
with that of the header information of the received 
packet, based on a pointer address stored in the sub-list 
table. 

[0024] The flow attribute is, for example, a line 
number indicative of an input line of the received packet 
or a line number indicative of an output line to output the 
received packet. 

[0025] The flow attribute may be a MAC identifier 
produced from a source MAC address included in the 
header information of each received packet, a MAC 
identifier produced from a destination MAC address 
included in the header information of the received 
packet, a source subnet identifier for identifying a sub- 
net to which a source IP address included in the header 
information of the received packet belongs, or a destina- 
tion subnet identifier for identifying a subnet to which a 
destination IP address included in the header informa- 
tion of the received packet belongs. Each entry regis- 
tered in the entry table includes, as the flow condition, at 
least one type of information selected from among a line 
number indicative of an input line of the received packet, 
a line number indicative of an output line of the received 
packet, and address information, application identifica- 
tion information and identification information on service 



priority included in the header of the received packet, for 
example. 

[0026] In the packet forwarding apparatus accord- 
ing to the present invention, for example, each entry 

5 registered in the entry table includes, as the control 
information, at least one of priority information indicative 
of priority for the transmission of the received packet to 
the output line and forwarding control information indic- 
ative of whether the transfer of the packet to other out- 

10 put lines is required. The packet forwarding unit 
performs at least one of filtering control of the received 
packet and priority control for the transfer of the packet 
to the corresponding output line in accordance with the 
control information notified from the flow detection unit. 

15 [0027] One feature of the present invention resides 
in that each entry registered in the entry table includes, 
as the control information, priority information indicative 
of priority for the transmission of the received packet to 
one of the output lines, and TOS (Type of Service) infor- 

20 mation, and the packet forwarding unit rewrites TOS 
information included in header information of the 
received packet in accordance with the TOS information 
notified from the flow detection unit as the control infor- 
mation and thereafter performs priority control for the 

25 transfer of the received packet to the output line in 
accordance with the priority information notified from 
the flow detection unit as the control information. 
[0028] Another feature of the present invention 
resides in that each entry registered in the entry table 

30 includes priority information and connection identifica- 
tion information as the control information, the packet 
forwarding unit adds the connection identification infor- 
mation notified form the flow detection unit as the con- 
trol information to the received packet and thereafter 

35 performs priority control for the transfer of the received 
packet to the output line in accordance with the priority 
information notified from the flow detection unit as the 
control information, and each line interface unit outputs 
the packet received from the packet forwarding unit to a 

40 connection corresponding to the connection identifica- 
tion information formed over the corresponding output 
line. 

[0029] A further feature of the present invention 
resides in that the list table comprises a first list table for 

45 use in filtering control and a second list table for use in 
forwarding control, and the first and second list tables 
are divided into a plurality of subtabls corresponding to 
the values of the flow attributes respectively, and the 
flow detection unit selectively refers to the first and sec- 

50 ond list tables for each received packet to thereby 
retrieve control information for filtering control and con- 
trol information for forwarding control, both of which are 
related to the received packet. 

[0030] Other problems to be solved by the present 
55 application, and their solving device will become appar- 
ent from the section of embodiments according to the 
present invention and the accompanying drawings. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

[0031] While the specification concludes with 
claims particularly pointing out and distinctly claiming 
the subject matter which is regarded as the invention, it 5 
is believed that the invention, the objects and features of 
the invention and further objects, features and advan- 
tages thereof will be better understood from the follow- 
ing description taken in connection with the 
accompanying drawings in which: w 

Fig. 1 is a block diagram showing a configuration of 
a router according to the present invention; 
Fig. 2 is a configurational diagram of an Internet; 
Fig. 3 is a diagram illustrating a format of a packet 15 
employed in a network; 

Fig. 4 is a diagram depicting a format of a packet 
processed in the router; 

Fig. 5 is a diagram showing a format of an IP 
address; 20 
Fig. 6 is a diagram for describing the detection of an 
entry table by a linear search; 
Fig. 7 is a diagram showing one embodiment of an 
entry table structure of an input line limitation type 
according to the present invention; 25 
Fig. 8 is a diagram illustrating another embodiment 
of the entry table structure of the input line limitation 
type according to the present invention; 
Fig. 9 is a diagram depicting one embodiment of an 
entry table structure of an SMAC limitation type 30 
according to the present invention; 
Fig. 1 0 is a diagram showing one embodiment of an 
entry table structure of a source subnet limitation 
type according to the present invention; 
Fig. 1 1 is a flowchart for describing the operation of 35 
a flow detector to which an entry table of an input 
line limitation type according to the present inven- 
tion is applied; 

Fig. 12 is a block diagram illustrating one embodi- 
ment of a flow detector of an input line limitation 40 
type according to the present invention; 
Fig. 13 is a block diagram depicting one embodi- 
ment of a flow detector of an SAMAC limitation type 
according to the present invention; 
Fig. 14 is a flowchart for describing the operation of 
a flow detector to which an entry table of a source 
subnet limitation type according to the present 
invention is applied; 

Fig. 15 is a block diagram showing one embodi- 
ment of a flow detector 1 01 2 of a source subnet lim- so 
itation type according to the present invention; 
Fig. 16A is a diagram depicting a time sequence for 
flow detection in which a plurality of processes are 
serially executed; 

Fig. 16B is a diagram illustrating a time sequence 55 
for flow detection in which a plurality of processes 
are subjected to pipeline processing; 
Fig. 1 7 is a diagram for describing the relationship 



of a layout between an entry table, a list table and a 
condition check unit; 

Fig. 18 is a diagram showing a configuration of a 
network to which a plurality of routers are con- 
nected by buses respectively; 
Fig. 1 9 is a diagram for describing a performance 
comparison between a flow detection based on a 
conventional linear search type and flow detections 
based on an input line limitation type and an output 
line limitation type according to the present inven- 
tion; 

Fig. 20 is a diagram for describing a performance 
comparison between the flow detection based on 
the conventional linear search type and flow detec- 
tions based on a source subnet limitation type and 
a destination subnet limitation type; 
Fig. 21 is a diagram for describing a performance 
comparison between serial processing and pipeline 
processing; 

Fig. 22 is a diagram showing another embodiment 
of an entry table according to the present invention, 
in which bandwidth monitoring information and 
altered TOS are defined in addition to priority infor- 
mation; 

Fig. 23 is a block diagram illustrating one embodi- 
ment of a condition check results judging unit for 
determining the priority information, bandwidth 
monitoring information and altered TOS; 
Fig. 24 is a block diagram depicting another embod- 
iment of a header processing unit; 
Fig. 25 is a flowchart for describing a further 
embodiment of a flow detector of an input line limi- 
tation type according to the present invention, 
which is used for determining bandwidth monitoring 
information and altered TOS in addition to priority 
information; 

Fig. 26 is a diagram showing a further embodiment 
of an entry table according to the present invention, 
in which connection information is defined in addi- 
tion to priority information; 

Fig. 27 is a block diagram illustrating one embodi- 
ment of a condition check results judging unit for 
determining priority information and connection 
information; 

Fig. 28 is a flowchart depicting a still further embod- 
iment of a flow detector of an input line limitation 
type according to the present invention, for deter- 
mining priority information and connection informa- 
tion; 

Fig. 29 is a diagram showing a still further embodi- 
ment of an entry table according to the present 
invention, in which control information for executing 
filtering is defined; 

Fig. 30 is a block diagram showing one embodi- 
ment of a condition check results judging unit for 
executing filtering; 

Fig. 31 is a flowchart illustrating a still further 
embodiment of a flow detector of an input line limi- 
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tation type according to the present invention, 
which is provided with a filtering function; 
Fig. 32 is a diagram depicting a still further embod- 
iment of an entry table according to the present 
invention, in which QoS control information and fil- 5 
tering control information are defined; 
Fig. 33 is a block diagram showing one embodi- 
ment of a condition check results judging unit for 
simultaneously determining QoS control informa- 
tion and filtering control information; w 
Fig. 34 is a flowchart for describing the operation of 
a flow detector of a simultaneous detection mode, 
which performs QoS control and filtering simultane- 
ously; 

Fig. 35 is a diagram depicting embodiments of a list 15 
table and an entry table for alternately performing 
QoS control and filtering; 

Fig. 36 is a block diagram showing one embodi- 
ment of a flow detector of a two-stage detection 
mode, which alternately performs QoS control and 20 
filtering; 

Fig. 37 is a flowchart for describing the operation of 
the flow detector of the two-stage detection mode; 
Fig. 38 is a diagram showing one example of entry 
contents at the time that flow conditions for filtering 25 
and QoS control are the same in an entry table for 
the simultaneous detection mode; 
Fig. 39 is a diagram illustrating one example of 
entry contents at the time that flow conditions for fil- 
tering and QoS control are the same in an entry 30 
table for the two-stage detection mode; 
Fig. 40 is a diagram depicting one example of entry 
contents at the time that flow conditions for filtering 
and QoS control differ from each other in an entry 
table for the simultaneous detection mode; 35 
Fig. 41 is a diagram showing one example of entry 
contents at the time that flow conditions for filtering 
and QoS control differ from each other in an entry 
table for the two-stage detection mode; 
Fig. 42 is a diagram illustrating one embodiment of 40 
an entry table in which the switching between the 
simultaneous detection mode and the two-stage 
detection mode is allowed; 

Fig. 43 is a block diagram depicting a condition 
check results judging unit which allows the switch- 45 
ing between the simultaneous detection mode and 
the two-stage detection mode; 
Fig. 44 is a flowchart for describing the operation of 
a flow detector capable of performing a detection 
mode changeover; so 
Fig. 45 is a diagram showing the correspondence of 
applications and port numbers; and 
Fig. 46 is a diagram illustrating a network in which a 
plurality of enterprise networks are connected to 
one another by a public ATM network. 55 



DESCRIPTION OF THE PREFERRED EMBODI- 
MENTS 

[0032] Preferred embodiments of the present inven- 
tion will hereinafter be described with reference to the 
accompanying drawings. 

[0033] Problems on a flow detection of a linear 
search type will first be explained with reference to Figs. 
3 through 6 to provide easy understanding of the 
present invention. 

[0034] Fig. 3 shows one example of a format of a 
packet on a network. 

[0035] The format of the packet on the network is 
comprised of a header field 410 and a data field 420. 
The header field 410 includes a source MAC (Media 
Access Control) address (SAMAC) 400 indicative of a 
physical address (hardware address) of a router which 
has sent the packet just before, a destination MAC 
address (AM AC) 401 indicative of a physical address of 
a router which next receives a packet, a source IP 
address (SIP) 402 indicative of an address of a source 
terminal of the packet, a destination IP address (DIP) 

403 indicative of an address of a destination terminal of 
the packet, a source port (hereinafter called "SPORT") 

404 indicative of a protocol (= upper application), a des- 
tination port (DPORT) 405, and TOS (Type of Service) 
or DS filed 411 indicative of priority of the packet in the 
network. The data field 420 includes user data 406. 
[0036] Fig. 3 indicates a format of a packet in which 
the protocol of a transport layer indicates a TCP (Trans- 
mission Control Protocol) or UDP (User Datagram Pro- 
tocol), and the protocol of a network layer is IP (Internet 
Protocol). In the present invention, however, the proto- 
col of the network layer may be another protocol, e.g., 
IPX or the like. 

[0037] Fig. 4 shows one example of a format of an 
internal packet handled inside a router. 
[0038] The internal packet treated within the router 
has a format in which an internal header field 430 is 
added to the format of the packet on the network. The 
internal header field 430 includes an input line number 
407, an output line number 408, and priority information 
409 for use in priority transfer control of each packet 
under QoS control. 

[0039] Fig. 5 shows a format of an IP address 440. 
[0040] The IP address 440 is composed of a net- 
work address 441 and a host address 442. A network 
(or subnet) is identified by the network address 441 and 
each of terminals or terminal equipment in respective 
networks is identified by the host address 442. 
[0041] Since the upper bit in the IP address 440 
corresponds to the network address, a plurality of termi- 
nals held within the same network have continuous IP 
addresses respectively. Thus, all the terminals con- 
tained in one network can be specified by the range 
(upper limit value or lower limit value) of the IP address. 
[0042] Fig. 6 shows the configuration of an entry 
table used for flow detection. 
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[0043] An entry table 550 has one or a plurality of 
entries 510-i (where i = 1 to H). The entries 510-i is com- 
posed of flow conditions 520-i and QoS control informa- 
tion 530-i respectively. 

[0044] The QoS control information 530-i include 5 
priority information 507 used for packet's priority trans- 
fer control respectively. Further, each of the flow condi- 
tions 520-i includes a plurality of items of parameter 
information indicative of flow conditions for identifying 
source users or destination users, flow conditions for 10 
identifying applications and flow conditions for identify- 
ing priorities. 

[0045] As items indicative of the flow conditions for 
identifying the source users or destination users, may 
be mentioned, for example, an SIP upper limit value 501 15 
and an SIP lower limit value 502 indicative of the range 
of a source IP address, a DIP upper limit value 503 and 
a DIP lower limit value 504 indicative of the range of a 
destination IP address, an IP address validity indication 
bit 562 indicative of whether these upper and lower limit 20 
values are effective or not, an input line number 508, 
and an input line number validity indication bit 561 indic- 
ative of whether the value of the input line number 508 
is effective. 

[0046] For example, the edge router-B: 327 of the 25 
network shown in Fig. 2 identifies whether an enterprise 
network for a packet source corresponds to the enter- 
prise network-C: 323 or the enterprise network-D: 324 
according to an input line number of a packet. If the 
upper limit values of SIP and DIP and the lower limit val- 30 
ues thereof are set to the flow conditions 520 of respec- 
tive entries in an entry table held by the edge router as 
shown in Fig. 6, then a terminal address can be identi- 
fied by one entry 510-i in network units or subnetwork 
units. 35 
[0047] As items indicative of the flow conditions for 
identifying the applications, may be mentioned, a 
SPORT 505 indicative of a source port, a DPORT 506 
indicative of a destination port, and a port number valid- 
ity indication bit 563 indicative of whether the values of 40 
the SPORT 505 and DPORT 506 are effective. One 
example illustrative of the relationship of correspond- 
ences between applications to which port numbers are 
assigned at present and the port numbers, is shown in 
Fig. 45. 45 
[0048] As items indicative of the flow conditions for 
identifying the priority, there are shown a TOS 515 and 
a TOS validity indication bit 564. The respective interior 
nodes in the Diffserv described in the prior art 4 detect 
flows according to the TOS 515 to perform packet's pri- so 
ority transfer control. 

[0049] Validity indication bits 561 , 562, 563 and 564 
indicate whether the values of the input line number 
508, IP addresses 501 through 504, port numbers 505 
through 506 and TOS 51 5 are valid as flow identification 55 
information. When the values of these items are valid as 
the flow identification information, "1" is set to the valid- 
ity indication bits corresponding to the respective items, 



and "0" is set to the valid indicative bits corresponding to 
the items unused for packet identification. 
[0050] Upon the flow detection of received packets, 
the entries 510-i (where i = 1 to H) are sequentially read 
from the entry table 550. It is determined whether the 
internal header field 430 and header field 410 of the 
received packet include header information coincident 
to the valid flow conditions defined in the flow condition 
520-i of each entry 510-i referred to above. When the 
header information of the received packet coincides 
with all the validity flow conditions defined in the flow 
conditions 520-i r the priority information 507 defined in 
the entry 510-i is assigned to the received packet, and 
the flow detection for the received packet is terminated. 
[0051] When the header information of the received 
packet coincides with the flow condition of the third 
entry 510-3 registered in the entry table 550, the priority 
information 507-3 defined in the entry 510-3 is given to 
the received packet, and the flow detection is termi- 
nated without executing reference to the flow conditions 
of four and later entries. In the present specification, a 
flow detection method of reading the entries from the 
entry table 550 in registration order as described above 
and checking for the flow conditions of the received 
packet will be called "linear search type". 
[0052] Now consider where QoS control and filter- 
ing of each received packet are executed by an Internet 

325 shown in Fig. 2. In the network shown in Fig. 2, 
enterprise networks-A, -B and -C (321, 322 and 323), 
which belong to the same enterprise, and an enterprise 
network-D (324), which belongs to an enterprise differ- 
ent from the above enterprise, are connected to one 
another by the Internet 325 corresponding to the public 
IP network. The Internet 325 comprises an edge router- 
A: 326 for connecting the enterprise networks 321 and 
322 to each other, an edge router-B: 327 for connecting 
the enterprise networks 323 and 324 to each other, and 
a backbone router 328 for connecting the edge router-A: 

326 and the edge router-B: 327 to each other. A gate- 
way router 329 is placed in a gateway to the Internet 
325, of the enterprise network-B: 322. 

[0053] The priority transfer based on the QoS con- 
trol is mainly performed by the edge router-A: 326, edge 
router-B: 327 and backbone router 328 in the Internet 
325, whereas bandwidth monitoring based on the QoS 
control and the rewriting of TOS are principally per- 
formed by the edge router-A: 326 and edge router-B: 

327 in the Internet 325. Since large amounts of packets, 
which are communicated between enterprises, pass 
through the Internet 325, a processing time interval 
allowed per packet is short. Therefore, the edge router- 
A: 326, edge router-B: 327 and backbone router 328 
need to perform the QoS control at high speed. When, 
however, the enterprises connected to the Internet 325 
increase in number, a high volume of entries 510-i are 
set to the entry table 550 for the purpose of identifying a 
large number of enterprise networks. Since the flow 
conditions are determined every received packets with 
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all the entries 510-i registered in the entry table 550 as 
objects in the flow detection of the above-described lin- 
ear search type, this is not suited for the high-speed 
QoS control necessary for the edge router-A: 326, edge 
router-B: 327 and backbone router 328. 
[0054] On the other hand, in the flow detection for 
filtering, the priority information 507 defined in the entry 
510 with the flow condition coincident with that of the 
received packet may be used as forwarding control 
information indicative of a decision as to the forwarding 
of the received packet. Such filtering is performed by the 
gateway router 329 in the enterprise network-B: 322 in 
the case of the network shown in Fig. 2. Since the gate- 
way router 329 must process all the packets inputted to 
the enterprise network-B: 322, a processing time inter- 
val allowed per packet is extremely short and hence 
high-speed filtering capability is required. 
[0055] The entries 510-i are set to the entry table 
550 50 that packets, which are communicated between 
the enterprise networks-A, -B and -C (321, 322 and 
323) corresponding to the same enterprise, are trans- 
ferred to the gateway router 329 selectively among the 
received packets. When the number of networks, which 
belong to the same enterprise, is increased to 3 or 
more, the number of the entries 510-i set to the entry 
table 550 also increases. When the number of the 
entries 510-i registered in the entry table of the gateway 
router 329 increases, the linear search type for sequen- 
tially referring to all the entries 510-i in the entry table 
550 encounters difficulties in performing filtering at high 
speed. 

[0056] Therefore, the present invention adopts an 
entry table structure capable of performing a flow detec- 
tion at high speed as compared with the linear search 
type even when the high volume of entries 510 are reg- 
istered in the entry table 550, and a table access 
method. 

[0057] As a first embodiment of the entry table 
structure adopted in the present invention, a summary 
of an input line limitation type will be explained. An entry 
table of the input line limitation type is composed of a 
plurality of subtables corresponding to input line num- 
bers. Condition checks for flow detection are executed 
with an entry group having input line numbers each 
coincident with an input line number of the received 
packet, i.e., only a specific subtable as an object to be 
checked. 

[0058] Fig. 7 shows one embodiment of an entry 
table for an input line limitation type. 
[0059] The entry table 551 for the input line limita- 
tion type comprises a plurality of subtables each corre- 
sponding to an input line number. A plurality of entries 
51 1-i having flow conditions 521 of contents obtained by 
deleting the input line number 508 and the input line 
number validity indication bit 561 from the entry 510 for 
the linear search type shown in Fig. 6 are registered in 
each subtable. 

[0060] According to the above-described table 
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structure, flow detection processing is executed with a 
small number of entries registered in each subtable cor- 
responding to the input line number of each received 
packet as objects to be checked. Therefore, even if the 

5 entries are sequentially selected within each subtable 
and a check is made as to whether header information 
of the received packet coincides with a flow condition of 
each entry, a processing time necessary for the flow 
detection is extremely short. Further, since the number 
10 of items which constitute a flow condition 521 of each 
entry 51 1, is reduced, the capacity of a memory, which 
is necessary to form the entry table 551, may be small. 
[0061] Fig. 8 shows a preferred embodiment of an 
entry table for an input line limitation type. 

15 [0062] According to the structure of the entry table 
shown in Fig. 7, when it is desired to define entries each 
independent of the input line number, e.g., "traffic of Tel- 
net is forwarded with a higher priority even when it is 
inputted from any input line" within the entry table, it is 

20 necessary to set the entries 51 1 having the same con- 
tents to the plurality of subtables. Further, the availabil- 
. ity.of the memory for the entry table 551 is reduced. 
[0063] Thus, in the embodiment shown in Fig. 8, a 
list table 760 comprised of a plurality of sub-list tables 

25 each corresponding to an input line number is provided 
aside from an entry table 750 which stores a plurality of 
entries 511-1 ... 511-H therein. Data block (list) groups 
540 each indicative of a pointer address of an entry 
associated with the input line are stored in their corre- 

30 sponding sub-list tables. When it is desired to define 
entries having the same flow condition for a plurality of 
input lines, lists including the same pointer address may 
be registered in a plurality of sub-list tables. 
[0064] In Fig. 8, a first sub-list table corresponding 

35 to an input line 1 is comprised of, for example, G lists 
(pointer addresses). As indicated by arrow, a first list 
540-1 1 having a list table address 1 includes a pointer 
address of the entry 511-1, and a second list 540-12 
having a list table address 2 includes a pointer address 

40 of the entry 51 1-H. Upon flow detection, a specific sub- 
list table corresponding to an input line number of the 
received packet becomes an object to be checked. 
Entries 51 1-i are read out from the entry table 750 in 
accordance with the pointer addresses indicated by the 

45 lists 540 registered in the sub-list tables, and a decision 
is made as to whether header information of each 
received packet coincides with its corresponding flow 
condition. 

[0065] According to the table structure shown in 
so Fig. 8, the entries 51 1-i large in data length (bit width) 
are stored in the entry table region 750 shared between 
the plurality of input lines, the lists 540 increased in 
number and small in bit width (respective lists may be 
1 0bits for 1024 entries) are stored in the list table region 
55 corresponding to the input line numbers. Therefore, the 
memory is effectively utilized and the large number of 
entries can be registered therein. 
[0066] In order to complete the reference to the 
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entry table in a short time, an entry table 750 may be 
placed in an internal memory on a semiconductor chip 
1200 with a condition check unit 720 to be described 
later formed therein as shown in Fig. 1 7 by way of exam- 
ple. If the memory for the entry table and the condition 5 
check unit are disposed on the same semiconductor 
chip, it is then possible to read data large in bit width at 
a time through interconnections formed over the semi- 
conductor chip without having to use data input/output 
pins of the semiconductor chip 1 200. Since the number w 
of external connecting pins available for the semicon- 
ductor chip 1200 is limited, the bit width of once-reada- 
ble data is reduced due to the restriction of the number 
of the connecting pins if the entry table 750 is formed in 
an external memory. Therefore, the time required to 15 
effect a reading process on each entry becomes long. 
[0067] In the embodiment illustrated in Fig. 8, the 
list table 760 is divided into a plurality of subtables 
including the G lists 540 for each input lines. The 
number G of the lists 540 is set so as to have a relation- 20 
ship of G < H with respect to the number H of the entries 
511 held in the entry table 750. 

[0068] Upon the flow detection, list data (pointer 
address data) are read out in decreasing order of list 
table addresses within the sub-list tables each corre- 25 
sponding to the input line number of the received 
packet, and the entries lying within the entry table 750 
are respectively accessed according to the pointer 
addresses. 

[0069] The list table 760 may be placed over an 30 
external memory different form that of the semiconduc- 
tor chip 1200 as shown in Fig. 17. Since the data blocks 
of the respective lists 540 are small in bit width, one list 
can be read in one read cycle at high speed through a 
relatively small number of external connecting pins. 35 
When the entries are fully registered in each individual 
sub-list tables, the memory capacity of the list table 760 
results in bit widths of lists 540 x number of input lines x 
number of entries H and hence increases with an 
increase in the number of input lines held in each router. 40 
In order to use the internal memory on the semiconduc- 
tor chip 1200 with efficiency, the list table 760 may be 
formed in an external memory different from that of the 
semiconductor chip 1200. 

[0070] Fig. 1 shows an example of one configura- 45 
tion of a router according to the present invention. 
[0071] The router 100 comprises a header process- 
ing unit 110, a packet I/O unit 120 which performs the 
input/output of a packet from and to each I/O line 123, 
and a processor 130. 50 
[0072] The header processing unit 110 consists of a 
routing processing unit 1 1 1 , a flow detector 112, and an 
ARP (Address Resolution Protocol) processing unit 
113. The packet I/O unit 120 comprises an output FIFO 
(First In First Out) allocation circuit 121 for performing ss 
packet forwarding control and priority control within the 
router, and a plurality of line interface units 122-i (where 
i = 1 through N) respectively connected to the I/O lines 



123-i. 

[0073] A management terminal 140 provided out- 
side the router 100 is connected to the processor 130. 
[0074] When a packet is inputted from an ith line 
123-i to a line interface unit 122-i, a receiver circuit 124- 
i adds an internal header including a line number i as an 
input line number 407 to the packet to thereby convert 
the received packet to an internal packet format useful 
inside the router, then stores the internal packet in the 
input FIFO buffer 126-i. At this time, meaningless values 
are set to fields for an output line number 408 and QoS 
control information 409 of the internal header. The pack- 
ets stored in the input FIFO buffers 126-i are read in 
input order and forwarded to the output FIFO allocation 
circuit 121. The output FIFO allocation circuit 121 stores 
each received packet in a buffer memory 128 and sup- 
plies header information 1 1 of the received packet to the 
header processing unit 110. The header information 1 1 
comprises information lying within an internal header 
field 430 and a header field 410. 

[0075] In the header processing unit 110, the rout- 
ing processing unit 111 detects or retrieves a routing 
table, based on DIP in the header information 11 to 
determine the number of an output line connected to a 
subnet to which the DIP belongs, and an IP address 
(NIP: Next Hop IP Address) of the next router which 
receives the packet sent from the router 100. Further, 
the routing processing unit 111 outputs the output line 
number determined from the routing table to the output 
FIFO allocation circuit 121 and the flow detector 1 12 as 
output line information 12 and outputs NIP to the ARP 
processing unit 113 as NIP information 14. Incidentally, 
the creation and management of the routing table are 
performed by the processor 1 30, and the retrieval of the 
routing table is described in, for example, Japanese Pat- 
ent Application Laid-Open No. Hei 1 0-222535. The out- 
put FIFO allocation circuit 121 writes the output line 
information 1 2 received from the routing processing unit 
111 into the internal header of the corresponding packet 
stored in the buffer memory 128 as an output line 
number 408. 

[0076] When the ARP processing unit 1 1 3 receives 
the NIP information 14 from the routing processing unit 
1 1 1 , it determines a MAC address corresponding to the 
NIP and outputs it to the output FIFO allocation circuit 
121 and the flow detector 112 as DA MAC information 
15. The output FIFO allocation circuit 121 writes the 
DAMAC information 1 5 received from the ARP process- 
ing unit 113 into the header filed of the corresponding 
packet stored in the buffer memory 1 28 as DAMAC 401 . 
[0077] On the other hand, the flow detector 112 
detects or retrieves an entry table 750 (or 551) based on 
the header information 11 received from the output 
FIFO allocation circuit 121 to determine priority informa- 
tion on the received packet and outputs the priority infor- 
mation to the output FIFO allocation circuit 121 as 
packet priority information 13. When the output FIFO 
allocation circuit 121 receives the packet priority infor- 
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mation 13 therein, it writes it into the header of the cor- 
responding packet stored in the buffer memory 128 as 
QoS control information 409. 

[0078] When all of the output line number 408, 
DAM AC 401 and QoS control information 409 are writ- 5 
ten into the header of the received packet, the output 
FIFO allocation circuit 121 writes each received packet 
into the corresponding output FIFO buffer 127-ij (where 
j = 1 or 2) specified by the QoS control information 409, 
which exits, in the line corresponding unit 122-i corre- 10 
sponding to the output line number 408. 
[0079] A transmission circuit 125-i in each line cor- 
responding unit 122-i reads and controls each packet 
stored in the output FIFO buffer 127-ij by methods such 
as "Head of Line Scheduling", "Weighted Pound-robin 15 
Scheduling", etc. Upon the "Head of Line Scheduling", 
packets are read out from an output FIFO buffer 127-i1 
one after another in storage order so long as the stored 
packets exist in the output FIFO buffer 127-M having 
high priority, and packets are read out from an output 20 
FIFO buffer 127-i2 low in priority in storage order only 
when the high-priority output FIFO buffer 127-M 
becomes idle. Upon the "Weighted Pound-robin Sched- 
uling" on the other hand, packets are read from the out- 
put FIFO buffer 127-i1 and output FIFO buffer 127-i2 25 
according to a pre-set ratio. Incidentally, a manager for 
the router 100 specifies a read control mode for each 
transmission circuit 125-i through the management ter- 
minal 140. 

[0080] Each transmission circuit 125-i deletes the 30 
internal header field 430 from a packet read out from the 
corresponding output FIFO buffer 127 and writes a MAC 
address of each line 123-i into SAMAC 400 of a packet 
header, followed by delivery to its corresponding output 
line 123-i. 35 
[0081] One example of the configuration of the flow 
detector 1 12 is shown in Fig. 12. 

[0082] The flow detector 112 comprises a condition 
check results judging unit 710, a condition check unit 
720, a list table read out unit 730, an entry table read out 40 
unit 740, an entry table 750, and a list table 760. 
[0083] A flowchart for describing processing exe- 
cuted by the flow detector 1 1 2 is shown in Fig. 1 1 . 
[0084] The flow detector 112 roughly executes five 
processes: start of detection 600, read out of list table 45 
630, read out of entry table 640, check of condition 620, 
and judge of condition check results 610. The process 
630, process 640, process 620 and process 610 are 
respectively executed by the list table read out unit 730, 
the entry table read out unit 740, the condition check so 
unit 720 and the condition check results judging unit 710 
shown in Fig. 12. 

[0085] A flow detection process of an input line lim- 
itation type will be explained below with reference to Fig. 

11. 55 

[0086] When header information 1 1 of a packet is 
transmitted from the packet I/O unit 120 to the header 
processing unit 110, the start of detection 600 is exe- 



cuted and the flow detector 112 stores input line num- 
bers 407, SIP 402, DIP 403, SPORT 404, DPORT 405 
and TOS 411 included in the header information 1 1 into 
an I/O line number storage 732 provided within the list 
table read out unit 730, and a packet SIP storage 722-2, 
a packet DIP storage 723-2, a packet SPORT storage 
724-2, a packet DPORT storage 725-2 and a packet 
TOS storage 728-2 provided within the condition check 
unit 720 respectively (Step 601). 

[0087] Upon the read out of list table 630, the list 
table read out unit 730 reads only list data 540 lying 
within a sub-list table corresponding to an input line 
number indicated by the header information 1 1 from the 
list table 760 and stores the same in a list storage 741. 
The list table read out unit 730 first resets a value M of 
a list number counter 733 to an initial value 1 to read a 
leading list 540-i1 of a sub-list table corresponding to 
each input line number i (Step 631). Next, a list table 
address generator 731 generates each of addresses for 
the list table 760 from the input line number stored in the 
I/O line number storage 732 and the value M (M = 1 at 
present) of the list number counter 733 to thereby read 
the list 540-M and stores it into the list storage 741 (Step 

632) . In this case, the address for the list table 760 
results in (input line number - 1) x G + M. Here, G indi- 
cates the number of lists every input lines. When the list 
table address generator 731 notifies the reading of the 
list 540 to the list number counter 733, the list number 
counter 733 increments the value M of the list number 
counter 733 by 1 so that a list 540-i2 can be read 
according to the next read out of list table 630 (Step 

633) . By repeating the above-described read out of list 
table 630, the list table read out unit 730 sequentially 
reads the lists 540 from small list table addresses to 
large list table addresses. 

[0088] Upon the read out of entry table 640, the 
entry table read out unit 740 reads each entry 511-i 
from the entry table 750. An entry table address gener- 
ator 742 of the entry table read out unit 740 utilizes each 
value stored in the list storage 741 as an entry table 
address as it is and reads out each entry 51 1-i from the 
entry table 750. An SIP upper limit value 501 and an SIP 
lower limit value 502 are stored in an entry SIP storage 
722-3 of the condition check unit 720, a DIP upper limit 
value 503 and a DIP lower limit value 504 are stored in 
an entry DIP storage 723-3, a SPORT 505 and a 
DPORT 506 are respectively stored in an entry SPORT 
storage 724-3 and an entry DPORT storage 725-3, a 
TOS 515 is stored in an entry TOS storage 728-3, an IP 
address validity indication bit 562, a port number validity 
indication bit 563 and a TOS validity indication bit 564 
are stored in a validity indication bits storage 726, and 
priority information 507 is stored in a QoS control infor- 
mation storage 713 of the condition check results judg- 
ing unit 710, respectively (Step 641). 
[0089] Upon the check of condition 620, the condi- 
tion check unit 720 makes a decision as to whether 
header information of each received packet coincides 
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with flow conditions set to the entry SIP storage 722-3, 
the entry DIP storage 723-3, the entry SPORT storage 
724-3, the entry DPORT storage 725-3 and the entry 
TOS storage 728-3. 

[0090] In the flowchart shown in Fig. 11, the proc- 
ess for determining whether the header information of 
each received packet coincides with each individual 
flow conditions of .SIR DIP, SPORT, DPORT and TOS 
indicated by the flow conditions of the entries read from 
the entry table is described so as to be performed every 
check items in time sequence. In the condition check 
unit 720, however, comparators are specifically pre- 
pared every check items (SIR DIP, SPORT, DPORT, 
TOS) to shorten a turnaround time of the check of con- 
dition 620, and a plurality of condition judgments or 
decisions may be executed in parallel. 
[0091] When the SIP upper and lower limit values 
stored in the packet SIP storage 722-2 and SIP stored in 
the entry SIP storage 722-3 meets the condition of "SIP 
lower limit value < SIP < SIP upper limit value" or when 
the IP address validity indication bit in the validity indica- 
tion bits storage 726 is "0", an SIP comparator 722-1 
outputs a coincidence signal (Step 621-1). A DIP com- 
parator 723-1 executes a DIP process similar to SIP 
(Step 621-2). 

[0092] When SPORT stored in the packet SPORT 
storage 724-2 and SPORT stored in the entry SPORT 
storage 724-3 are equal to each other or when the port 
number validity indication bit in the validity indication 
bits storage 726 is "O", a SPORT comparator 724-1 
determines that a match or coincidence has occurred, 
and outputs a coincidence signal (Step 621-3). A 
DPORT comparator 725-1 executes a DPORT process 
similar to the SPORT comparator 724-1 (Step 621-4). 
[0093] When TOS stored in the packet TOS storage 
728-2 and TOS stored in the entry TOS storage 728-3 
are equal to each other or when the TOS validity indica- 
tion bit in the validity indication bits storage 726 is "0", a 
TOS comparator 728-1 determines that a match has 
occurred (Step 621-6). 

[0094] When it is determined in all of Steps 621-1, 

621- 2. 621-3, 621-4 and 621-6 that the "coincidence" 
has occurred, a coincidence judging circuit 721 stores 
information indicative of "coincidence" into a condition 
coincidence results (condition check results) storage 
712 of the condition check results judging unit 710 (Step 

622- 1) and stores information indicative of "non-coinci- 
dence" therein at all other times (Step 622-2). 

[0095] In the above-described embodiment, the 
respective comparators outputs the coincidence signals 
with respect to the flow conditions under which the IP 
address validity indication bit 562, port number validity 
indication bit 563 and TOS validity indication bit 564 are 
"0", whereby decision results similar to the non-execu- 
tion of a condition check for the corresponding items 
(SIP/DIP, SPORT/DPORT or TOS) of each packet 
header are obtained where the validity indication bits 
are "0". Since flow conditions independent of the IP 



addresses, port numbers or TOS can be defined in the 
entry table 750 owing to the provision of these validity 
indication bits, the description of each flow condition is 
greatly improved. Thus, this can flexibly cope with 
5 diverse flow conditions that the manager for the router 
100 desires. 

[0096] When information indicating that each 
received packet has coincided with the flow condition, is 
stored in the condition check results storage 712 upon 

w the judge of condition check results 610, a condition 
check results judging circuit 71 1 judges the value of the 
QoS control information storage 713 as priority informa- 
tion for each received packet. In this case, the informa- 
tion . (priority information) stored in the QoS control 

15 information storage 713 is outputted to the output FIFO 
allocation circuit 121 of the packet I/O unit 120 as 
packet priority information 13 and the flow detection 
process is ended (Step 611). When the information 
indicative of "non-coincidence" is stored in the condition 

20 check results storage 712, the flow detector 112 is 
returned to Step 632 where the aforementioned flow 
detection process is repeatedly effected on a flow con- 
dition defined in the next entry. 

[0097] Upon the flow detection of the input line limi- 

25 tation type according to the present invention as 
described above, the objects to be retrieved in the entry 
table are limited to the subtables (entry group) each 
coincident with the input line number of each received 
packet to thereby speed up the processing. 

30 [0098] Now consider where the edge router-B 327 
of the network shown in Fig. 2 performs QoS control on 
packets sent from the enterprise network-C: 323 and 
the enterprise network-D: 324. Since the enterprise net- 
work-C: 323 and the enterprise network-D: 324 are dif- 

35 ferent in owner from each other, they are generally 
different in flow detection method. Therefore, the edge 
router-B: 327 must have each entry 51 1-i for the enter- 
prise network-C 323 and each entry 51 1-i for the enter- 
prise network-D 324. The edge router of the linear 

40 search type regards all the entries 51 1-i registered in 
the table as objects to be retrieved, whereas the edge 
router of the input line limitation type according to the 
present invention takes only entry groups for specific 
input lines (enterprise networks) as objects to be 

45 retrieved. Therefore, the input line limitation type has 
performance equal or equivalent to twice or more times 
that of the linear search type. When K enterprise net- 
works are connected to the edge router-B: 327, the per- 
formance equal to about K times is obtained. If list 

so (pointer address) tables 540 are introduced in this case, 
then a large number of flow conditions can be defined 
by using memory capacity effectively. 
[0099] A description will be made of a flow detection 
of output line limitation type as a second embodiment of 

55 the present invention. In the flow detection of the output 
line limitation type, the flow detection can be speeded 
up by taking only entry groups coincident with each 
other in output line number corresponding to one of flow 
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condition items as objects to be retrieved. The flow 
detection of output line limitation type will be described 
below by placing emphasis on a point of difference 
between the output line limitation type and the afore- 
mentioned input line limitation type. 5 
[0100] in the output line limitation type, the list table 
760 comprises a plurality of sub-list tables each corre- 
sponding to the output line number. Thus, the flow 
detector 112 stores each output line number supplied 
from the routing processing unit 111 into the I/O line 10 
number storage 732 in place of the input line number 
indicated by the header of each received packet in Step 
601 of Fig. 1 1. In Step 632, the list table address gener- 
ator 731 generates each list table address from the cor- 
responding output line number stored in the I/O line 15 
number storage 732 and the corresponding value M of 
the list number counter 733. Except for these items, the 
flow detection of the output line limitation type is identi- 
cal to that of the input line limitation type. 
[0101] If a packet sent to the enterprise network-C: 20 
323 and a packet sent to the enterprise network-D: 324 
are different in flow detection from each other when the 
edge router-B: 327 performs QoS control on the pack- 
ets sent to the enterprise networks-C: 323 and -D: 324 
in the network shown in Fig. 2, the flow detection of the 25 
output line limitation type has performance equal to 
twice or more times that of the linear search type due to 
the reason similar to the aforementioned input line limi- 
tation type. 

[0102] The flow detection may be performed by 30 
using SAMAC included in header information 1 1 of each 
received packet in place of the aforementioned input 
line number or output line number and taking each sub- 
table (entry group) defined by the value of SAMAC as 
an object to be retrieved. In the case of the flow detec- 35 
tion of the SAMAC limitation type, subtables are pre- 
pared corresponding to SAMAC groups composed of a 
plurality of SAMAC, and a sub entry table (or sub-list 
table) associated with a SAMAC identifier coincident 
with that of the received packet is taken as an object to 40 
be retrieved. 

[0103] The flow detection of the SAMAC limitation 
type will be explained below as a third embodiment of 
the present invention while centering around a point of 
difference between the present type and the input line 45 
limitation type. 

[0104] Fig. 9 shows formats of an entry table 750 
and a list table 860 for the SAMAC limitation type. 
[0105] Entries each having the same format as the 
input line limitation type shown in Fig. 8 are registered in so 
the entry table 750 for the SAMAC limitation type. The 
list table 860 is divided into L sub-list regions corre- 
sponding to SAMAC identifiers. A list table read out unit 
830 of a flow detector 812 is provided with a MAC iden- 
tifier storage 832 and a MAC identifier generator 834 in 55 
place of the I/O line number storage 732 as shown in 
Fig. 13. 

[0106] Upon the flow detection of the SAMAC limi- 



tation type, the MAC identifier generator 834 hashes 
SAMAC (6 bytes) by the Hash function in Step 601 of 
the flowchart shown in Fig. 1 1 to generate SAMAC iden- 
tifiers each having a bit width smaller than SAMAC. A 
plurality of SAMAC in which the results of hash by the 
hash function become the same value, constitute one 
SAMAC group. At this time, the SAMAC identifiers are 
stored in the MAC identifier storage 832 in place of the 
input line numbers in the list table read out unit 830. In 
Step 632, the list table address generator 831 gener- 
ates each list table address from the SAMAC identifier 
in the MAC identifier storage 832 and the value M of the 
list number counter 733. The flow detection of the 
SAMAC limitation type is identical in other operations to 
the flow detection of the input line limitation type. 
[0107] Fig. 18 shows a network wherein a line-A: 
1311 having a MAC address A, which is connected to a 
router-A: 1301, a line-B: 1312 having a MAC address B, 
which is connected to a router-B: 1302, and a line-C: 
1313 having a MAC address C, which is connected to a 
router-C: 1303, are connected to one another by a bus. 
Consider where the router-A: 1301 performs QoS con- 
trol on packets sent from a network-B: 1322 and a net- 
work-C: 1323. 

[0108] Since the router-A: 1301 cannot identify a 
transmission network for each received packet by an 
input line number in the case of such a network config- 
uration, it is necessary to identify each network from the 
MAC address. When the network-B: 1322 and the net- 
work-C: 1323 are different in flow detection method 
from each other, an entry table of the router-A: 1301 
needs an entry group for the network-B: 1322 and an 
entry group for the network C: 1323. However, if the 
entry table is divided into a plurality of tables every 
SAMAC identifiers as in the third embodiment, then the 
flow detection can be performed with only either one of 
the entry groups as the retrieval object upon packet 
reception. Therefore, the flow detection of the SAMAC 
limitation type can also obtain performance equal to 
twice or more times that of the flow detection of the lin- 
ear search type. 

[0109] A flow detection of a DAM AC limitation type 
using DAMAC determined by an ARP processing unit 
113 will be described as a fourth embodiment of the 
present invention. 

[0110] In the DAMAC limitation type, an entry table 
is divided into a plurality of subtables so as to corre- 
spond to identifiers of each DAMAC group comprised of 
a plurality of DAMAC. Further, only entry groups each 
coincident with a DAMAC identifier included in a header 
of the received packet will be defined as objects to be 
retrieved. A description will be made below of a point of 
difference between the SAMAC limitation type and the 
DAMAC limitation type. 

[0111] In a flow detector for the DAMAC limitation 
type, the list table 860 shown in Fig. 13 has sub-list 
tables every DAMAC identifiers in place of the SAMAC 
identifiers. In the aforementioned SAMAC limitation type 
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flow detection, the MAC identifier generator 834 shown 
in Fig. 13 has generated the SAMAC identifiers from 
SAMAC in the header information 11. In the DAMAC 
limitation type in contrast to this, the MAC identifier gen- 
erator 834 generates a DAMAC identifier from DAMAC 5 
of each received packet and stores it in the MAC identi- 
fier storage 832 in Step 601 of Fig. 1 1. In Step 632, the 
list table address generator 831 generates each of list 
table addresses from the corresponding DAMAC identi- 
fier in the MAC identifier storage 832 and the value M of 10 
the list number counter 733. The DAMAC limitation type 
is identical in other operations to the SAMAC limitation 
type. 

[0112] If DAMAC identifiers for a MAC address B 
and a MAC address C differ from each other where the is 
flow detection is effected on packets sent to the net- 
work-B: 1322 and the network-C: 1323 in the network 
shown in Fig. 18, then a flow condition for each received 
packet can be determined with only the entry group cor- 
responding to either one of the DAMAC identifiers as an 20 
object to be retrieved, according to the flow detection of 
the DAMAC limitation type. Therefore, the DAMAC limi- 
tation type can obtain performance equal to twice or 
more times that of the linear search type. 
[01 13] A description will next be made of a point of 25 
difference between a source subnet limitation type flow 
detection for restricting a retrieval-oriented entry group 
according to a source subnet, which is defined as a fifth 
embodiment of the present invention, and the input line 
limitation type flow detection. 30 
[0114] Fig. 10 shows formats of an entry table 1 050 
and a list table 1060 for the source subnet limitation 
type. Each entry 510-i registered in the entry table 1050 
includes an input line number 508 and an input line 
number validity indication bit 561 in a manner similar to 35 
each entry employed in the linear search type shown in 
Fig. 6. The list table 1060 is divided into R sub-list table 
regions in association with source subnet identifiers. 
[01 15] Fig. 15 is a block diagram of a flow detector 
1012 for the source subnet limitation type. The flow 40 
detector 1012 has a subnet ID storage 1032 in place of 
the I/O line number storage 732 shown in Fig. 12 and is 
further provided with a line number comparator 1027-1, 
a packet line number storage 1027-2 and an entry line 
number storage 1027-3. 45 
[01 16] The routing processing unit 1 1 1 is also addi- 
tionally modified. The routing processing unit 1 1 1 of the 
input line limitation type has determined the output line 
number to be forwarded to the corresponding subnet to 
which DIP belongs, whereas the source subnet limita- so 
tion type determines even a destination subnet identifier 
indicative of a subnet to which DIP belongs, in addition 
to the output line number. If the retrieval system 
described in Japanese Patent Application Laid-Open 
No. Hei 10-222535 referred to above is used, then the 55 
routing processing unit 111 can determine even the 
destination subnet identifier. Further, the routing 
processing unit 111 determines even a source subnet 



identifier indicative of a subnet to which SIP belongs, 
according to a method similar to DIP. The above- 
described source subnet identifier and destination sub- 
net identifier are transmitted to the flow detector 1012 
as subnet identifier information 16. 
[0117] Fig. 14 shows a control flowchart employed 
in the flow detection of the source subnet limitation type. 
The flowchart shown in Fig. 14 will be explained below 
while centering around a point of difference between the 
process of the source subnet limitation type and the 
process of the input line limitation type shown in Fig. 1 1 . 
[0118] With a change in the format of the list table 
1060, the flow detector 1012 stores an input line 
number 408 contained in header information 1 1 of each 
received packet in the packet line number storage 1027- 

2 as an alternative to the I/O line number storage 732 in 
Step 901 of a start of detection 900. When the flow 
detector 1012 receives the subnet identifier information 
16 from the routing processing unit 111, it stores a 
source subnet identifier in the subnet ID storage 1032 
(Step 902). in a read out of list table 930, a list table 
address generator 1031 generates each of list table 
addresses from the source subnet identifier stored in 
the subnet ID storage 1032 and the corresponding 
value M of the list number counter 733 and reads out 
the corresponding list 540 from the list table 1060 (Step 
932). 

[0119] A description will next be made of changes 
in processing for comparisons between input line num- 
bers by a condition check unit 1020. In Step 941 of a 
read out of entry table 940, the storage of an input line 
number 508 in the entry line number storage 1027-3 
and the storage of an input line number validity indica- 
tion bit 561 in a validity indication bits storage 1026 are 
performed in addition to the storage of the condition 
items SIP, DIP, SPORT, DPORT and TOS described in 
Fig. 1 1 . Upon a check of condition 920, the line number 
comparator 1027-1 determines the coincidence 
between information stored in the packet line number 
storage 1027-2 and the entry line number storage 1027- 

3 according to the state of the input line number validity 
indication bit 561 (Step 921-5). The source subnet limi- 
tation type is identical to the input line limitation type in 
operation other than the above. 

[0120] When the backbone router 328 of the net- 
work shown in Fig. 2 performs QoS control on packets 
sent from the enterprise network-C: 323 and the enter- 
prise network-D: 324, each enterprise network cannot 
be identified by the input line number as in the case of 
the edge router-B 327. In this case, each source subnet 
is used to specify an enterprise network. When the 
enterprise network-C and the enterprise network-D: 
324 are different in flow detection from each other, the 
backbone router 328 must have an entry group for the 
enterprise network-C: 323 and an entry group for the 
enterprise network-D: 324. Since, however, the flow 
detection can be performed with only the specific entry 
group corresponding to each source subnet, of these 
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entry groups as a retrieval object, the flow detection of 
the source subnet limitation type can obtain perform- 
ance equal to twice or more times that of the linear 
search type. 

[0121] A destination subnet limitation type flow 5 
detection for limiting each retrieval-oriented entry by a 
destination subnet will next be explained as a sixth 
embodiment of the present invention while centering 
around a point of difference between the present desti- 
nation subnet limitation type and the source subnet lim- 10 
itation type. 

[0122] In the flow detection of the destination sub- 
net limitation type, the list table 1060 shown in Fig. 10 is 
divided into a plurality of sub-list tables every destina- 
tion subnet identifiers in place of the source subnet is 
identifiers. In Step 902 in the flowchart shown in Fig. 14, 
a destination subnet identifier included in subnet identi- 
fier information 16 given from the routing processing 
unit 1 1 1 is stored in the subnet ID storage 1032. In Step 
932, the list table address generator 1031 generates 20 
each of list table addresses from the destination subnet 
identifier stored in the subnet ID storage 1032 and the 
corresponding value M of the list number counter 733. 
The destination subnet limitation type is identical in 
other processes to the source subnet limitation type. 25 
[0123] When the enterprise network-C: 323 and 
enterprise network-D: 324 are different in flow detection 
from each other where the backbone router 328 of the 
network shown in Fig. 2 performs QoS control on pack- 
ets to be forwarded to the enterprise network-C: 323 30 
and enterprise network-D: 324, the present destination 
subnet limitation type can obtain performance equal to 
twice or more times that of the linear search type by lim- 
iting each retrieval-oriented entry with the destination 
subnet as in the present embodiment. 35 
[01 24] A method of determining bandwidth monitor- 
ing information necessary for bandwidth monitoring and 
an altered TOS necessary to rewrite or alter TOS 512 in 
addition to priority information every received packets 
by reference to an entry table will next be described as 40 
a seventh embodiment of the present invention. A table 
format for determining the priority information, band- 
width monitoring information and altered TOS according 
to the flow detection of input line limitation type is shown 
in Fig. 22, the configuration of a condition check results 45 
judging unit 2310 is shown in Fig. 23, the configuration 
of a header processing unit 2410 is illustrated in Fig. 24, 
and a flowchart for describing the method is depicted in 
Fig. 25. A description will be made below of the differ- 
ence between the present method and the flow detec- so 
tion (input line limitation type) according to the first 
embodiment for determining only priority information as 
QoS control information. 

[0125] In each entry registered in an entry table 
2250, bandwidths allowed for its flow, e.g., bandwidth 55 
monitoring information 2213 indicative of the amount of 
data transmittable per unit hour and an altered TOS 
2214 are newly added to QoS control information 2230 



in addition to the priority information 507. Upon the flow 
detection, the bandwidth monitoring information 2213 
and the altered TOS 2214 are stored in a QoS control 
information storage 2316 together with the priority infor- 
mation 507 in Step 2541 of a read out of entry table 
2540 as shown in Fig. 25. At this time, line numbers and 
list table addresses are supplied from a flow detector 
112 to a bandwidth monitor 2414 as flow identification 
information 17A. 

[0126] In a judge of condition check result 2510, a 
condition check results judging circuit 2311 transmits 
the priority information and altered TOS read out from 
the QoS control information storage 2316 to an output 
FIFO allocation circuit 121 as packet priority information 
13 and packet altered TOS information 19 respectively, 
and transmits the bandwidth monitoring information 
read out from the QoS control information storage 2316 
to the bandwidth monitor 2414 as packet bandwidth 
monitoring information 17B (Step 2511). 
[0127] The bandwidth monitor 2414 is supplied with 
information indicative of a total length (not shown in Fig. 
3)-of each packet included in an IP header field of each 
received packet from the output FIFO allocation circuit 
121 in addition to the flow identification information 17A 
and bandwidth monitoring information 17B sent from 
the flow detector 1 12 in Step 601. The bandwidth moni- 
tor 2414 cumulates the total lengths of the received 
packets per unit hour in a counter area corresponding to 
the flow identification information 17A when the band- 
width monitor 2414 has received the bandwidth moni- 
toring information 17B therein. Further, the bandwidth 
monitor 2414 determines whether the cumulated value 
exceeds a bandwidth supplied as the bandwidth moni- 
toring information 17, and outputs a bandwidth judg- 
ment signal 18 indicative of whether the flows of the 
respective received packets comply with a contract 
bandwidth or is in violation of contract, to the output 
FIFO allocation circuit 121. 

[0128] The output FIFO allocation circuit 121 writes 
the packet priority information 13 and the packet altered 
TOS 19 received from the flow detector 112 into the cor- 
responding header field of each received packet stored 
in a buffer memory 128 as QoS control information 409 
and TOS 411. If the bandwidth judgment signal 18 indi- 
cates the compliance of the control bandwidth when all 
the output line number 408, DA MAC 401, QoS control 
information 409 and TOS 411 are written into the 
header of each received packet, then the output FIFO r 
allocation circuit 121 supplies each received packet 
stored in the buffer memory 128 to each output FIFO 
buffer 127-ij (j=1 or 2) specified by the priority informa- 
tion 13, of each line corresponding unit 122-i indicated 
by the output line number 408. If the bandwidth judg- 
ment signal 18 indicates a violation of contract band- 
width, then the output FIFO allocation circuit 121 
discards the received packet stored in the buffer mem- 
ory 128. In place of the discarding of the received 
packet, the TOS 411 or QoS control information 409 of 
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each packet header are rewritten into a value indicative 
of low priority and the received packet may be supplied 
to a low-priority output FIFO buffer. 
[0129] In order to implement QoS control over an 
ATM network or a frame relay network which connects 
between routers, each router needs to allocate connec- 
tions (VC/VP and DLCI) every received packets accord- 
ing to users or applications specified by packet headers 
and perform QoS control with a data link layer. In this 
case, each router needs a flow detection for determin- 
ing each connection. 

[0130] One example of the allocation of connec- 
tions will be explained with reference to Fig. 46. A net- 
work shown in Fig. 46 comprises an enterprise network- 
A: 4302, an enterprise network-B: 4303, and a public 
ATM network 4301 for connecting these enterprise net- 
works to one another. The public ATM network 4301 
includes an ATM switch A: 4310, and an ATM switch B: 
431 1. Assume that a connection VC1 of CBR (Constant 
Bit Rate) and a connection VC2 of UBR (Unspecified Bit 
Rate) are set between a router 4312 of the enterprise 
network-A: 4302 and a router 4313 of the enterprise 
network-B: 4303. Since a packet on the connection VC1 
is transferred preferentially as compared with a packet 
on the connection VC2 at the ATM switch 4310 and ATM 
switch 431 1 in this case, QoS is assured but not for the 
packet on the connection VC2. The router 4312 per- 
forms flow detection on the corresponding packet sent 
from the enterprise network-A: 4302 to the enterprise 
network-B: 4303, and allocates the CBR connection 
VC1 to each packet to assure QoS and assigns the 
UBR connection VC2 to packets other than that. 
[01 31 ] One examples of an entry table 2650, a con- 
dition check results judging unit 2710 and a control flow- 
chart employed in the input line limitation type used for 
determining the aforementioned connections will be 
shown in Figs. 26, 27 and 28 as an eighth embodiment 
of the present invention. A description will be made 
below of a point of difference between the present flow 
detection and the flow detection according to the first 
embodiment for determining only the priority informa- 
tion. 

[0132] As shown in Fig. 26, connection information 
2615 is newly added to each entry of the entry table 
2650 as QoS control information 2630. 
[0133] In a read out of entry table 2840 in the flow- 
chart shown in Fig. 28, the connection information 2615 
is also stored in a QoS control information storage 2716 
together with priority information 507. In a judge of con- 
dition check results 2810, a condition check results 
judging circuit 2711 reads the connection information 
and priority information from the QoS control informa- 
tion storage 2716 according to condition check results 
set to a condition check results storage 712 and outputs 
them to an output FIFO allocation circuit 121 as QoS 
information 20 (Step 2811). The output FIFO allocation 
circuit 121 writes the priority information and connection 
information specified by the QoS information 20 into a 



QoS control information field 409 of each received 
packet stored in a buffer memory 128 and supplies the 
packet to each output FIFO buffer 127-ij indicated by the 
priority information lying within each line interface unit 
5 122-i indicated by an output line number 408. Each 
packet is assigned the connection specified by the con- 
nection information on the QoS control information field 
409 by each transmission circuit 125-i and sent to its 
corresponding line 123-i. 
w [0134] While the flow detection for the QoS control 
has been described above, a flow detection for filtering 
will next be described as a ninth embodiment of the 
present invention. 

[0135] Figs. 29, 30 and 31 respectively show one 
15 examples of an entry table 2950, a condition check 
results judging unit 3010 and a control flowchart 
employed in an input line limitation type applied to the 
flow detection for filtering. A description will be made 
below of a point of difference between the present flow 
20 detection and the flow detection according to the first 
embodiment for determining the priority information 
based on the QoS control. 

[0136] Upon the filtering, a check is made as to 
header information about a packet received by each line 

25 corresponding unit 122 and whether or not it can be for- 
warded to other line interface units, is determined. As 
shown in Fig. 29, each entry registered in the entry table 
for filtering includes filtering control information 2931 
indicative of forwarding control information 2916 in 

30 place of the QoS control information 530 employed in 
the first embodiment. As shown in Fig. 30, the condition 
check results judging unit 3010 of the flow detector 112 
has a filtering control information storage 3016 in place 
of the QoS control information storage 713. In a read 

35 out of entry table 3140 in the flowchart shown in Fig. 31 , 
the forwarding control information 2916 of each entry 
read out from the entry table is stored in the filtering 
control information storage 3016. When the header 
information of each received packet has coincided with 

40 a flow condition in a judge of condition check results 
31 10, a condition check results judging circuit 301 1 out- 
puts filtering control information read out from the filter- 
ing control information storage 3016 to an output FIFO 
allocation circuit 121 as forwarding control information 

45 21 in place of the priority information employed in the 
first embodiment (Step 3111). 

[0137] The illustrated embodiment has described 
the flow detection with the objective of performing either 
one of the QoS control and filtering. While the router 

"50 326 lying within the Internet 325 may generally perform 
only the flow detection for the QoS control in the net- 
work shown in Fig. 2 by way of example, the gateway 
router 329 connected to the router 326 needs to perform 
both flow detections for the QoS control and filtering. 

55 [0138] A description will be made below of flow 
detections applicable to the QoS control and filtering as 
further embodiments of the present invention. In the 
present invention, a flow detection in which each entry 
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is applied to both QoS control and filtering, is called 
"simultaneous flow detection", and a flow detection in 
which different entries are applied to Qos control and fil- 
tering respectively, is called "two-stage flow detection". 
[0139] The flow detection of simultaneous flow 5 
detection type will first be described as a tenth embodi- 
ment of the present invention. In the flow detection of 
simultaneous flow detection, QoS control information 
necessary for QoS control and forwarding control infor- 
mation necessary for filtering are simultaneously deter- 10 
mined. Figs. 32, 33 and 34 respectively show one 
examples of an entry table 3250, a condition check 
results judging unit 3310, and a control flowchart based 
on an input line limitation type used for the simultaneous 
flow detection. A description will be made below of a 15 
point of difference between the present flow detection 
and the flow detection of the first embodiment for deter- 
mining the priority information for QoS control. 
[0140] As shown in Fig. 32, each entry 321 1 of the 
entry table 3250 includes a flow condition 3211 and fil- 20 
tering control information 2931 including forwarding 
control information 2916 in addition to the QoS control 
information 530 including the priority information. 
[0141] As shown in Fig. 33, the condition check 
results judging unit 331 0 is provided with a filtering con- 25 
trol information storage 3016 in addition to a condition 
check results storage 712 and a QoS control informa- 
tion storage 713. 

[0142] In Step 3441 of a read out of entry table 
3440 in the flowchart shown in Fig. 34, priority informa- 30 
tion 507 and forwarding control information 2916 of 
each entry are respectively stored in the above- 
described storages 713 and 3016. When the header 
information of each received packet has coincided with 
a flow condition, a condition check results judging circuit 35 
331 1 outputs priority information and forwarding control 
information read out from these storages 713 and 3016 
to an output FIFO allocation circuit 121 in a judge of 
condition check results 3410. 

[0143] In the two-stage flow detection type flow 40 
detection according to an eleventh embodiment of the 
present invention, a flow detection for QoS control and a 
flow detection for filtering are executed on a time 
sequence basis. Figs. 35, 36 and 37 respectively show 
one examples of a list table 3560 and an entry table 45 
3550, a flow detector 3612, and a control flowchart 
according to an input line limitation type employed in the 
two-stage flow detection type. Incidentally, condition 
check Steps 621-1 through 621-4 and 621-6 provided 
every items are summarized as Step 621 in Fig. 37. so 
[0144] As shown in Fig. 35, entries 291 1 for filtering 
and entries 511 for QoS control are registered in the 
entry table 3550 in mixed form. On the other hand, the 
list table 3560 includes a list table for filtering comprised 
of a plurality of lists 3540 including pointer addresses of 55 
the entries 291 1 for filtering, and a list table for QoS con- 
trol comprised of a plurality of lists 3541 including 
pointer addresses of the entries 511 for QoS control. 



Each list table is divided into a plurality of subtables cor- 
responding to input line numbers respectively. Upon the 
flow detection for filtering, each list for filtering 3540 is 
read out, whereas upon the flow detection for QoS con- 
trol, each list for QoS control 3541 is read out. 
[0145] As shown in Fig. 36, the flow detector 3612 
is provided with a flow detection status storage 3670 
indicative of whether either of the flow detection for fil- 
tering and the flow detection for QoS control is being 
executed. 

[0146] When the flow detector 3612 receives 
header information 11 from a packet I/O unit 120 as 
shown in Fig. 37, it sets a value indicative of filtering sta- 
tus to the flow detection status storage 3670 to perform 
the flow detection for filtering after the execution of a 
start of detection 600 (Step 3750). 
[0147] Upon a read out of list table 3730, an entry 
table read out unit 3630 determines each list table to be 
accessed, according to a status value of the flow detec- 
tion status storage 3670. In the preset example, a list 
table for filtering is first selected and lists are sequen- 
tially read out from subtables each corresponding to an 
input line number of each received packet (Step 3732). 
In a read out of entry table 3740, entries are read out 
from the entry table 3550 based on pointer addresses 
indicated by the lists respectively. When the flow detec- 
tion is being in a filtering state, respective item informa- 
tion on flow conditions 521 in the read entries are 
respectively stored in storages 722-3, ... 728-3 of a con- 
dition check unit 720, and forwarding control information 
included in filtering control information 3531 is stored in 
a filtering control information storage 3016 (Step 3741). 
In a judge of condition check results 3710, a condition 
check results judging unit 3610 determines the status 
value of the flow detection status storage 3670 (Step 
3713). When the flow detection is in the filtering state, 
the condition check results judging unit 3610 sends the 
value stored in the filtering control information storage 
3016 to the FIFO allocation circuit 121 as packet for- 
warding control information 21 (Step 3712). Thereafter, 
the condition check results judging unit 3610 makes a 
decision as to whether the forwarding control informa- 
tion indicates either a packet pass or a packet discard 
(Step 3714). If the forwarding control information indi- 
cates the packet discard, then the flow detection related 
to each packet referred to above is terminated without 
the execution of the flow detection for QoS control (Step 
3715). When the forwarding control information is found 
to have indicated the packet pass, then the condition 
check results judging unit 3610 sets a status value 
indicative of a QoS control state to the flow detection 
status storage 3670 to proceed to the flow detection for 
QoS control (Step 3760) and returns to the read out of 
list table 3730. 

[0148] In the read out of list table 3730, the lists 
3541 registered in the list table for QoS control are 
sequentially read out according to the switching 
between status modes for the flow detection. In the read 
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out of entry table 3740, each entry for QoS control is 
read out from the entry table, based on each list 3541 
referred to above and each priority information included 
in QoS control information 3532 is stored in the QoS 
control information storage 713 {Step 3741). Since the 5 
status value of the flow detection status 3670 indicates 
QoS control in the judge of condition check results 
3710, a condition check results judging circuit 3611 
sends the information stored in the QoS control informa- 
tion storage 713 to the FIFO allocation circuit 121 as 10 
packet priority information 13 (Step 3711) and thereaf- 
ter completes the flow detection (Step 3715). 
[0149] Since the flow detection for QoS control with 
respect to each discarded packet can be omitted upon 
the first execution of the flow detection for filtering in the is 
two-stage flow detection type flow detection as 
described above, the time required to perform the flow 
detection can be shortened. 

[0150] Whether either of the aforementioned two- 
stage flow detection type and simultaneous flow detec- 20 
tion type is reduced in set entry and is fit for speeding- 
up, varies depending on flow_ conditions., A description 
will be made of the difference in the number of entries at 
the time that the gateway router 329 shown in Fig. 2 
executes each flow detection by reference to the entries 25 
identical in flow conditions for QoS control and filtering. 
[01 51 ] Fig. 38 shows the contents of the entry table 
3250 for the simultaneous flow detection type, and Fig. 
39 shows the contents of the entry table 3550 for the 
two-stage flow detection type. In Fig. 39, three entries 30 
as viewed from above the entry table 3550 are used for 
filtering and the remaining two entries are used for QoS 
control. 

[0152] In the case of the entries for both filtering 
and QoS control, the flow conditions are represented as 35 
SIP = enterprise network-A: 321, enterprise network-C: 
323, enterprise network-D: 324 and DIP = enterprise 
network-B: 322. Assume that upon filtering, the gateway 
router 329 forwards received packets sent from the 
enterprise network-A: 321 and enterprise network-C: 40 
323, discards a received packet sent from the enter- 
prise network-D: 324 corresponding to another enter- 
prise, and upon QoS control, the gateway router 329 
preferentially forwards a received packet sent from the 
enterprise network-A: 321 and non-preferentially for- 45 
wards a packet sent from the enterprise network-C: 
323. 

[0153] While the five entries are registered in the 
entry table 3550 as shown in Fig. 39 in the case of the 
two-stage flow detection type, the number of entries to so 
be registered in the entry table 3250 may be three as 
shown in Fig. 38 in the case of the simultaneous flow 
detection type. The reason why each entry for QoS con- 
trol of the enterprise network-D: 324 in the two-stage 
flow detection type is not registered, is that when each 55 
received packet is discarded in Step 3714, the flow 
detector 3612 terminates its flow detecting operation 
without performing the flow detection for QoS control. 
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[01 54] A description will next be made of the differ- 
ence in the number of entries at the time that the gate- 
way router 329 shown in Fig. 2 executes each flow 
detection by reference to the entries different in flow 
conditions for QoS control and filtering. Fig. 40 shows 
an entry table 3250 for a simultaneous flow detection 
type, and Fig. 41 shows the contents of an entry table 
3550 for a two-stage flow detection type, respectively. 
[0155] Flow conditions for filtering are given as SIP 
= enterprise network-A: 321, enterprise network-C: 
323, enterprise network-D: 324 and DIP = enterprise 
network-B: 322. Flow conditions for QoS control are 
applications (FTP, TELNET, HTTP). A packet of 
FTP/HTTP is non-preferentially transferred or forwarded 
and a packet of TELNET is preferentially forwarded. In 
the present example, seven entries are necessary for 
the simultaneous flow detection type entry table 3250, 
whereas six entries may be provided in the two-stage 
flow detection type entry table 3550. The number of 
combinations of the flow conditions for filtering and QoS 
control are given as three in the present example. How- 
ever, the more, the number of these .combinations 
increases, the more the difference in the number of 
entries to be registered becomes great. 
[0156] Judging from the above description, the 
number of the entries to be registered in the entry table 
is reduced if the simultaneous flow detection type is 
adopted when the flow conditions for Qos control and fil- 
tering are the same, whereas the number thereof is 
reduced if the two-stage flow detection type is adopted 
when the flow conditions are different from each other. 
[01 57] A "mode switching type" flow detection capa- 
ble of reducing the number of entries by performing the 
switching between the two-stage flow detection type 
and the simultaneous flow detection type will be 
explained as a twelfth embodiment of the present inven- 
tion while making a comparison with the two-stage flow 
detection type. 

[0158] Figs. 42, 43 and 44 respectively show one 
examples of an entry table 3950, a condition check 
results judging unit 4010 and a control flowchart applied 
to the mode switching type flow detection. 
[01 59] As shown in Fig. 42, each entry 391 1 of the 
entry table 3950 has the contents obtained by adding a 
flow detection mode 3965 to each entry 3211 of the 
simultaneous flow detection type. A value indicative of 
either the simultaneous detection type or the two-stage 
flow detection type is set to the flow detection mode 
3965. As shown in Fig. 43, the condition check results 
judging unit 4010 is provided with a flow detection mode 
storage 4014 for storing the flow detection mode 3965 
therein. 

[0160] In the mode switching type flow detection, 
the priority information 507, forwarding control informa- 
tion 2916 and flow detection mode 3965 of each read 
entry are respectively stored in the QoS control informa- 
tion storage 713, filtering control information storage 
3016 and flow detection mode storage 4014 without 
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regard to the status value of the flow detection status 
storage 3670 in Step 4141 of a read out of entry table 
4140 as show in Fig. 44. If a condition check results 
judging circuit 4011 refers to a status value of the flow 
detection mode storage 4014 (Step 4116) and the flow 
detection mode indicates the simultaneous flow detec- 
tion type in a judge of condition check results 4110, then 
the condition check results judging circuit 4011 outputs 
the priority information read from the QoS control infor- 
mation storage 713 and the forwarding control informa- 
tion read from the filtering control information storage 
3016 to the output FIFO allocation circuit 121 as packet 
priority information 13 and packet forwarding control 
information 21 respectively (Step 4117) and terminates 
the flow detection (Step 4115). 

[0161] When the flow detection mode indicates the 
two-stage flow detection, the condition check results 
judging unit 4010 determines the status value of the 
flow detection status storage 3670 (Step 4113). If the 
status value indicates a filtering state, then the condition 
check results judging unit 4010 outputs the contents of 
the filtering control information storage 3016 to the out- 
put FIFO allocation circuit 121 as forwarding control 
information 21 (Step 4112). Thereafter, the forwarding 
control information is checked (Step 4114). If the for- 
warding control information indicates a packet discard, 
then the flow detecting operation is terminated without 
executing the flow detection for QoS control (Step 
4115). When the forwarding control information indi- 
cates the pass of a packet, the condition check results 
judging unit 4010 consecutively sets a value indicative 
of a QoS control state to the flow detection, status stor- 
age 3670 to execute the flow detection for QoS control 
(Step 3760) and returns to the read out of list table 
3730. When the status value of the flow detection status 
storage 3670 indicates the QoS control, the condition 
check results judging circuit 401 1 outputs the contents 
of the QoS control information storage 71 3 to the output 
FIFO allocation circuit 121 as packet priority information 
13 (Step 4111) and terminates the flow detection (Step 
4115). 

[0162] According to the mode switching type flow 
detection described above, since the switching between 
the two-stage flow detection and the simultaneous flow 
detection can be done every entries, the manager for 
the router 100 can reduce the number of the entries by 
designating the suitable flow detection mode corre- 
sponding to the flow condition for each entry. 
[0163] A description will next be made of pipeline 
processing at the flow detection of the input line limita- 
tion type. 

[0164] Fig. 16A shows the manner in which in the 
input line limitation type flow detection, the list table 
read out unit 730, the entry table read out unit 740, the 
condition check unit 720, and the condition check 
results judging unit 710 respectively execute the read 
out of list table 630, the read out of entry table 640, the 
check of condition 620, and the judge of condition check 



results 610 on a time-serial basis. Here, a "packet 1" 
indicates that the flow detector 1 12 performs the start of 
detection 600 on the received packet 1. Entries N 
(where N = 1,2, ...) indicate that the condition check 

5 results judging unit 710, the condition check unit 720, 
the list table read out unit 730, and the entry table read 
out unit 740 respectively execute processes (the judge 
of condition check results 610, the check of condition 
620, the read out of list table 630, and the read out of 

10 entry table 640) corresponding to the entries N. Inciden- 
tally, the time intervals required to perform each individ- 
ual processes referred to above are set to the same in 
Fig. 16A for simplification. 

[0165] In serial processing, other processing units 

15 or processors are not operated while one processing 
unit or processor is under the execution of a process. 
While, for example, the check of condition 620 is being 
executed, the entry table read out unit 740 stops 
processing. Thus, according to the serial processing, a 

20 processing time equivalent to the sum of time periods 
necessary for the read out of list table 630, the read out 
of entry table 640, the check of condition 620 and the 
judge of condition check results 610 is required to make 
decisions as to respective entries. 

25 [0166] It is desirable that in order to speed up the 
flow detection, the aforementioned plurality of opera- 
tions (630, 640, 620 and 610) are subjected to pipeline 
processing and the four processors are activated at ail 
times as shown in Fig. 16B. When, for example, a proc- 

30 essor-A terminates processing of each entry-N under 
the pipeline processing, the processor-A is next capable 
of starting processing of an entry-N+1 regardless of 
whether a processor-B for processing the subsequent 
process steps has finished the processing of each 

35 entry-N. By processing each entry in the entry table by 
the pipeline processing in this way, a process per entry 
can be shortened to one processing time. In the exam- 
ple shown in Fig. 16B, the processing speed can be 
improved to four times that for the serial processing. 

40 [0167] The pipeline processing is effective even for 
flow detections of other types (output line limitation type, 
SAMAC limitation type, DAMAC limitation type, source 
subnet limitation type and destination subnet limitation 
type) other than the input line limitation type. 

45 [0168] The header processing unit 110 and packet 
I/O unit 120 shown in Fig. 1 are respectively formed of 
different semiconductor chips. When the priority infor- 
mation for QoS control is determined, for example, infor- 
mation communicated between a semiconductor chip 

so equipped with the header processing unit 110 and a 
semiconductor chip group which constitutes the packet 
I/O unit 120, may include header information 11, output 
line information 12, packet priority information 13 and 
DAMAC information 15. Namely, since user data large 

55 in the amount of information is not transferred between 
the header processing unit 110 and the packet I/O unit 
120, it is not necessary to allocate input/output pins of 
these semiconductor chips for user data transfer. Since 
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the semiconductor chip equipped with the header 
processing unit 110 is shared between a plurality lines, 
the provision of semiconductor chips for header 
processing every lines becomes unnecessary and the 
number of semiconductor chips can be reduced. Even 5 
when the routing processing unit 111, flow detector 1 1 2 
and ARP processing unit 113 in the header processing 
unit 110 are respectively implemented on different sem- 
iconductor chips, advantages obtained by sharing of 
these components (the routing processing unit 1 1 1 , flow w 
detector 112 and ARP processing unit 113) remain 
unchanged. 

[0169] Figs. 19 through 21 show effects of the 
present invention respectively. In these drawings, the 
vertical axis indicates flow detection performance (pps: 15 
number of packets processable for one second), and 
the horizontal axis indicates the number of entries reg- 
istered in an entry table. 

[0170] Fig. 19 shows a graph in which a linear 
search type, an input line limitation type and an output 20 
line limitation type are compared with one another. 
When a router has N input lines and all the input lines 
are different in flow detection condition from one 
another, for example, enterprise networks different 
every lines are connected, the router needs to have flow 25 
detecting entries different from one another every input 
lines. In the linear search type, all these entries become 
objects to be detected or retrieved. According to the 
input line limitation type on the other hand, since only an 
entry group associated with an input line which coin- 30 
cides with that of the received packet may be set as an 
object to be retrieved, the number of entries to be 
retrieved results in 1/N as compared with the linear 
search type and the flow detection time is also short- 
ened to 1/N, thus resulting in the acquisition of perform- 35 
ance equal to N times that of the linear search type. 
Similarly to this, the output line limitation type can imple- 
ment performance equivalent to N times that of the lin- 
ear search type where a router has N output lines and 
all the output lines are different in flow detection condi- 40 
tion from one another. 

[0171] Fig. 20 shows a graph in which a linear 
search type, a source subnet limitation type and a des- 
tination subnet limitation type are compared with one 
another. as 
[0172] Assuming that when packets sent from R 
source networks are flow-detected, all the flow detec- 
tions for these source networks differ from one another, 
a router needs to have R or more flow detecting entries 
prepared for respective source subnets. All these so 
entries are objects to be retrieved in the linear search 
type flow detection, whereas in the source subnet limi- 
tation type flow detection, only an entry group associ- 
ated with a source subnet which coincides with that of 
the transmitted packet or received packet becomes an ss 
object to be retrieved. Thus, the source subnet limitation 
type is capable of implementing performance equal to R 
times that of the linear search type. Similarly, when R 
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destination networks have different flow detection con- 
ditions respectively, the destination subnet limitation 
type flow detection implements performance equivalent 
to R times that of the linear search type. 
[0173] Fig. 21 illustrates a graph in which both per- 
formance obtained at the time that the input line limita- 
tion type flow detection is performed with serial 
processing and pipeline processing, are compared. 
When the input line limitation type flow detection shown 
in Figs. 11 and 12 by way of example is executed 
according to the pipeline processing, the present input 
line limitation type can implement performance equal to 
four times as compared with the serial processing. 
When the flow detection consists of parallel-processa- 
ble P processes, the pipeline processing obtains per- 
formance equal to P times that for the serial processing. 
[0174] According to the present invention, as 
apparent from the above description, an entry table in 
which flow conditions for QoS control or filtering are 
defined, comprises a plurality of subtables correspond- 
ing to specific items attendant to header information of 
packets, and each entry group to be. referred to for the, 
purpose of checking flow conditions of each received 
packet can be limited to a specific subtable. Therefore, 
even when flow conditions for user identification infor- 
mation, protocol information, priority information, etc. 
are made complex, for example, a flow detection can be 
done at high speed. 

[0175] While the present invention has been 
described with reference to the illustrative embodi- 
ments, this description is not intended to be construed 
in a limiting sense. Various modifications of the illustra- 
tive embodiments, as well as other embodiments of the 
invention, will be apparent to those skilled in the art on 
reference to this description. It is therefore contem- 
plated that the appended claims will cover any such 
modifications or embodiments as fall within the true 
scope of the invention. 

Claims 

1 . A packet forwarding apparatus provided with a plu- 
rality of line interface units each connected to an 
input line and an output line, comprising: 

a routing processing unit for referring to a rout- 
ing table, based on header information of pack- 
ets received from the input lines by said line 
interface units and specifying one of said out- 
put lines for each of said received packets to 
output the packets; 

a flow detection unit for retrieving, by referring 
to an entry table storing a plurality of entries 
each including flow conditions and control 
information, control information defined by one 
of said entries with the flow condition which 
coincides with that of the header information of 
said received packet; and 
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5. 



6. 



7. 



a packet forwarding unit for transferring said 
received packet to one of said line interface 
units connected to the output line specified by 
said routing processing unit; and 
wherein said entry table comprises a plurality 
of subtables respectively corresponding to the 
values of flow attributes associated with the 
received packets, 

said flow detection unit retrieves the control 
information for each of said received packets, 
from the subtable specified by the value of the 
flow attribute associated with each of said 
received packets, and 

said packet forwarding unit controls the transfer 
of each of said received packets to one of said 
line interface units in accordance with the con- 
trol information notified from said flow detection 
unit. 

The packet forwarding apparatus according to 
claim 1 , wherein said entry table comprises a first 
table for storing said plurality of entries therein and 
a list table for storing therein pointer addresses for 
accessing the entries lying within said first table, 
said list table being divided into a plurality of sub-list 
tables corresponding to the values of the flow 
attributes, and 

said flow detection unit refers to one of said 
sub-list tables specified by the value of the flow 
attribute associated with each of said received 
packets to retrieve the entry with a flow condi- 
tion which coincides with that of the header 
information of said received packet, based on a 
pointer address stored in the sub-list table: 

The packet forwarding apparatus according to 
claim 1, wherein said flow attribute is a line number 
indicative of the input line of said received packet. 

The packet forwarding apparatus according to 
claim 1, wherein said flow attribute is a line number 
indicative of the output line to output said received 
packet. 

The packet forwarding apparatus according to 
claim 1, wherein said flow attribute is a MAC identi- 
fier produced from a source MAC address included 
in the header information of said received packet. 

The packet forwarding apparatus according to 
claim 1 , wherein said flow attribute is a MAC identi- 
fier produced from a destination MAC address 
included in the header information of said received 
packet. 

The packet forwarding apparatus according to 
claim 1 , wherein said flow attribute is a source sub- 
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net identifier for identifying a subnet to which a 
source IP address included in the header informa- 
tion of said received packet belongs. 

8. The packet forwarding apparatus according to 
claim 1, wherein said flow attribute is a destination 
subnet identifier for identifying a subnet to which a 
destination IP address included in the header infor- 
mation of said received packet belongs. 

9. The packet forwarding apparatus according to 
claim 1 , wherein each of said entries registered in 
the entry table includes, as said flow condition, at 
least one type of information selected from among 
a line number indicative of the input line of said 
received packet, a line number indicative of the out- 
put line for said received packet, and address infor- 
mation, application identification information and 
identification information on service priority 
included in the header of said received packet. 

10. The packet forwarding apparatus according to 
claim 1 , wherein each of said entries registered in 
the entry table includes, as said control information, 
at least one type of information selected from prior- 
ity information indicative of priority for the transmis- 
sion of said received packet to said output line and 
forwarding control information indicative of whether 
the transfer of said received packet to one of said 
output lines is required, and 

said packet forwarding unit performs at least 
one of filtering control of said received packet 
and priority control for the transfer of said 
received packet to one of said output lines in 
accordance with the control information notified 
from said flow detection unit. 

11. The packet forwarding apparatus according to 
claim 1 1 wherein each of said entries registered in 
the entry table includes, as the control information, 
priority information indicative of priority for the 
transmission of said received packet to said output 
line, and forwarding control information indicative of 
whether the transfer of said received packet to one 
of output lines is required, and 

said packet forwarding unit performs both filter- 
ing for said received packet and priority control 
for the transfer of said received packet to the 
output line in accordance with the priority infor- 
mation and forwarding control information noti- 
fied from said flow detection unit as the control 
information. 

12. The packet forwarding apparatus according to 
claim 1 , wherein each of said entries registered in 
the entry table includes, as the control information, 
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priority information indicative of priority for the the connection identification information, 

transmission of said received packet to said output formed over the output tine connected thereto, 

line, and TOS (Type of Service) information, and 

said packet forwarding unit rewrites TOS infor- 5 
mation included in header information of said 
received packet in accordance with the TOS 
information notified from said flow detection 
unit as the control information and thereafter 
performs priority control for the transfer of said w 
received packet to the output line in accord- 
ance with the priority information notified from 
said flow detection unit as the control informa- 
tion. 

is 

13. The packet forwarding apparatus according to 
claim 2, wherein said list table comprises a first list 
table for use in filtering of said received packets and 
a second list table for use in forwarding control of 
said received packets, and both of said first and 20 
second list tables are divided into a plurality of sub- 
tabls corresponding to the values of said flow 
attributes respectively, and 

said flow detection unit selectively refers to said 25 
first and second list tables for each of said 
received packets to retrieve filtering control 
information and forwarding control information 
related to each of said received packets. 

30 

14. The packet forwarding apparatus according to 
claim 2, wherein a memory region for forming said 
first table and said flow detection unit are integrated 
onto the same semiconductor substrate. 

35 

15. The packet forwarding apparatus according to 
claim 2, wherein the memory region for forming 
said first table, said flow detection unit, and said 
routing processing unit are integrated onto the 
same semiconductor .substrate. 40 

16. The packet forwarding apparatus according to 
claim 1 , wherein each of said entries registered in 
the entry table includes priority information and 
connection identification information as the control 45 
information, 

said packet forwarding unit adds the connec- 
tion identification information notified form said 
flow detection unit as the control information to so 
said received packet and thereafter performs 
priority control for the transfer of said received 
packet to the output line in accordance with the 
priority information notified from said flow 
detection unit as the control information, and 55 
said each of said line interface units outputs the 
packet received from said packet forwarding 
unit to one of connections, corresponding to 
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